I don't want my neighbors tapping into my Wi Fi network. I am currently running 64 bit WEP encryption but is this easily crackable or not? 64 bit seems kind of low to me.
How secure is 64 bit WEP encryption?
- Thread starter CallTheFBI
- Start date
Not very, nor is 128bit wep especially if they're living next door. Do you really think your neighbors want to be cracking your wireless network though?
If you only have a 64 bit web client card, setup 64 bit, change the key as frequently as you feel necessary, add mac filtering, and don't worry too much about your neighbors trying to steal access.
If you only have a 64 bit web client card, setup 64 bit, change the key as frequently as you feel necessary, add mac filtering, and don't worry too much about your neighbors trying to steal access.
skyking
Lifer
- Nov 21, 2001
- 22,786
- 5,941
- 146
The Mac address filtering is very effective. The wep key would have to be cracked, and then the mac addy would have to be cloned. When you tried a simultaneous connection with two identical mac addys, NAT would have a bovine unit
I had the exact unit you have, and was setting it up from a wired port. I got the mac addy of my wireless unit pugged in, and enabled mac filtering. I forgot to put the desktop's mac addy in, though. I was immediately disconnected, oops!
I had the exact unit you have, and was setting it up from a wired port. I got the mac addy of my wireless unit pugged in, and enabled mac filtering. I forgot to put the desktop's mac addy in, though. I was immediately disconnected, oops!
- Oct 25, 1999
- 29,553
- 430
- 126
The combination of Unique SSID. MAC filtering and WEP are effective.
In addition if you are using DHCP assign it with a band that is equal to the number of computers that you are using at one time. This way will not have extra IP to give to an uninvited guest.
Is it Crackable? YES
However it needs a lot of time (I mean days), and real knowledge and tools to spoof MAC number, and to brink all the three together.
If you are really worried. Rotate changes of SSID and WEP. I.e. change every few days the SSID, and then after few days the WEP, and then the SSID and so on and so forth.
In addition if you are using DHCP assign it with a band that is equal to the number of computers that you are using at one time. This way will not have extra IP to give to an uninvited guest.
Is it Crackable? YES
However it needs a lot of time (I mean days), and real knowledge and tools to spoof MAC number, and to brink all the three together.
If you are really worried. Rotate changes of SSID and WEP. I.e. change every few days the SSID, and then after few days the WEP, and then the SSID and so on and so forth.
...AND DON'T forget to turn off the SSID broadcast ....then the would be listener would also have to guess the SSID (default for most units is to broadcast the SSID - some OS (like Win XP) can off itup as a connection suggestion.
Since it's your network, you know what the SSID is, just enter it manually at each client.
Good Luck
Scott
Since it's your network, you know what the SSID is, just enter it manually at each client.
Good Luck
Scott
- Oct 25, 1999
- 29,553
- 430
- 126
You are right as compare to eternity few days is a very short time.
The remark was trying to indicate that since it takes few days, if you change parameters every few days the crackers are back to square one.
In addition if this is so crucial, and you have a lot of ?treasures? on your Hard Drive, you can invest in non-standard Wireless with especial encryption.
Or you can wait for WPA to come out.
The remark was trying to indicate that since it takes few days, if you change parameters every few days the crackers are back to square one.
In addition if this is so crucial, and you have a lot of ?treasures? on your Hard Drive, you can invest in non-standard Wireless with especial encryption.
Or you can wait for WPA to come out.
Turning off your SSID is useless (well pretty much all of these techniques are useless, except if you use them all in combination you'll probably be ok)
Once a user cracks your WEP key, its just a matter of time before they get the SSID from one of your hosts re-associating.
Some of the high-end WAPs do some really cool stuff. Cisco ones authenticate you off a RADIUS server, and then have a different WEP key for every active host. Plus its rotated frequently (faster than someone could crack it, even at a sustained 11mbps). The only problem is it requres proprietary cisco client software that I belive is windows only. Oh and their APs are mad expensive.
Other than that there's good old IPSec, but i've never once seen a good article/howto on it.
bart
Once a user cracks your WEP key, its just a matter of time before they get the SSID from one of your hosts re-associating.
Some of the high-end WAPs do some really cool stuff. Cisco ones authenticate you off a RADIUS server, and then have a different WEP key for every active host. Plus its rotated frequently (faster than someone could crack it, even at a sustained 11mbps). The only problem is it requres proprietary cisco client software that I belive is windows only. Oh and their APs are mad expensive.
Other than that there's good old IPSec, but i've never once seen a good article/howto on it.
bart
The actual encryption mechanism is pretty secure, and the keys are constantly rotated, so a naive brute force attack would actually take quite a while to run on a large quatity of data. However, I remember reading about a weakness in the initialization vector (1) it's small and (2) can be guessed from a small sample of data. This was all detailed in a paper written by the first couple of guys who were able to crack the standard. It's been a while, but I think you'd still be able to find that paper somewhere.
Bottom line, unless you're trying to protect some sensitive data against people with the resources and desire to steal it, the weakness shouldn't be an issue.
Bottom line, unless you're trying to protect some sensitive data against people with the resources and desire to steal it, the weakness shouldn't be an issue.
Well my dad is currently a lead attorney on a hundred million dollar lawsuit, but fortunately he doesn't work at home.
I recently got a 3COM 8000. They have all of the WiFi options & MAC filtering, plus EAP/MD5, EAP-TLS, and a 3com method that's fairly easy to bring up and doesn't need a RADIUS server or CA (user list on the AP w/ login from the client - generates random 128 bit keys). If you decide to use certificates, they give you a cert set with every AP.
I've had it for ~ a week, signal strength and quality are "excellent" everywhere in my house (townhome).
So far, I'm very happy with it.
FWIW
Scott
I've had it for ~ a week, signal strength and quality are "excellent" everywhere in my house (townhome).
So far, I'm very happy with it.
FWIW
Scott
Fallen Kell
Diamond Member
- Oct 9, 1999
- 6,221
- 540
- 126
WEP with MAC filtering gives me enough sense of security that I don't worry much about it.
I figure I have a just as good of a chance of someone breaking into my house and stealing all my stuff.
I guess it depends what your traffic is.
I figure I have a just as good of a chance of someone breaking into my house and stealing all my stuff.
I guess it depends what your traffic is.
If I jump up to 256 bit WEP encoding....would it really be that much better? How badly would it slow down data transfer?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter